No video
Azure AD Pass-through Authentication and Seamless Single Sign-on
Рет қаралды 128,845
Күн бұрынWatch Senior Program Manager Microsoft Identity Services, Swaroop Krishnamurthy, show you a new way you can harness the power of cloud authentication while still keeping your passwords on-premises using Azure Active Directory pass-through authentication and
seamless single sign-on capabilities.
You'll see how Azure AD can now validate securely your passwords against on-premises Active Directory all without the need for expensive on-premises infrastructure and automatically sign your users in while they're at work.
@say2merohit 10 ай бұрын
still relevant in 2023 I keep coming back to this every other time
@bobbymoore868 4 жыл бұрын
I love this channel. A massive massive help; simple, clear and well structured.
@raydavis3697 8 ай бұрын
Great video. Thank you.
@mavaddat 6 жыл бұрын
This is so cool! And what a helpfully concise and easy to understand run through of how to set it up.
@JoseRodriguezFrio 3 жыл бұрын
This was available in 2017?? wow, good stuff
@say2merohit 3 жыл бұрын
Love the content and Music is great too
@KarthikS30712 9 ай бұрын
That IE logo!
@edohio435 6 жыл бұрын
I wish it was more clear if you can use Microsoft MFA and this technique. I keep seeing conflicting notes on this. I understand 3rd party MFA but can you use MS MFA and this AD Connect SSO?
@Trent_Plays 6 жыл бұрын
What about when the user is not on the corporate LAN? or the computer is not domain joined?
@MSFTMechanics 6 жыл бұрын
If the machine was on the local network, then connects to a resource from outside the local network, the Kerb ticket has a limited validity window for a few hours so if you connect when you get home for example home it doesn't re-prompt for creds. Once that ticket does expire, it will fallback to re-prompt for creds.
@BrendanMetcalfe 4 жыл бұрын
Thanks!
@biaz666 6 жыл бұрын
Is Seamless Single Sign-on with hash sync possible for multiple on-prem domains?
@henreeneo 6 жыл бұрын
Hi Guys, Thanks for this video. I'm currently facing a dilemma. I set up SSO via AD connect and all works fine. But i created a scenerio where i turned off my on premise servers and after a few minutes i keep getting prompts to enter my password for office365 on my mobile device and on my laptop as well. Please what could the issue be. I enabled password sync but this is really strange. I thought password sync enables cloud storage of passwords so i can login to O365 even when my on premise server is down
@glennquag3838 4 жыл бұрын
Hi just learning about SSO setting up the method above will I still be able to have password changes made to on-premise active directory or suspending/deleting accounts be automatically synced still?
@MSFTMechanics 4 жыл бұрын
Yes, with pass through authentication, password hash sync or ADFS, those changes will replicate. Having worked in IT though, I think setting up password writeback to the on premises directory service is even better than mastering in AD on prem. Also will reduce helpdesk calls if users now can't access the domain easily outside the office.
@thaddeusbrown1009 6 жыл бұрын
On the same lines as Michel Dumont, we used password hash sync for user sign in. Instructions say you can use Password Hash sync with SSO. However later on in the video it says you don't want to pass hashes to the cloud. Can you add some clarity to that?
@MSFTMechanics 6 жыл бұрын
The option is an alternative to password hash sync. Even though password hash sync is a great option, secure and easiest to implement, some organizations still prefer not syncing anything related to a password to the cloud (even a hash of a hash). AD Federation Services then used to be only way to redirect auth to an on premises server. Now Pass Through Auth gives you another option if you don't want to sync password hashes.
@miked.4786 6 жыл бұрын
I'm confused. Is unchecking password synchronization a requirement for Seamless Sign-On to work ?
@MSFTMechanics 6 жыл бұрын
+Michel Dumont Seamless SSO works with Pass through Authentication or Password Hash Sync. The reason Swaroop unchecked Password Sync was because he was configuring Pass Through Authentication. -Jeremy
@ankur9952 7 жыл бұрын
How is the Outlook Client Experience using Seamless SSO with Pass-through Auth ? Does It works for non-domain join Machine ?
@MSFTMechanics 7 жыл бұрын
Yes - you'll need to still run the Outlook client's first run experience to add the account for the email OST to start building, but after that SSO will be automatic and that is true for the other signed-in Office apps as well.
@ankur9952 7 жыл бұрын
Thanks for your response. In case if Outlook Profile is already build and connected to Exchange Online and now if I have set up Seamless SSO then it should prompt for the first time and then it should do automatic login ? Or I need to create a new Outlook Profile?
@Wittysomethinghere 7 жыл бұрын
Does the SSO extend into O365 installed apps on the end point (e.g. Outlook, Word, OneDrive, ...)?
@MSFTMechanics 7 жыл бұрын
Yes - see question from Ankur earlier. First run experiences (FRE) in cases still need to run for initial config, but ongoing authentication and authorization should work in run state. -Jeremy
@gvgandhi 4 жыл бұрын
Jeremy seems to know nothing
@MSFTMechanics 4 жыл бұрын
Thanks Vinay! -Jeremy
Office365Concepts
Рет қаралды 22 М.
Adam Marczak - Azure for Everyone
Рет қаралды 704 М.
John Savill's Technical Training
Рет қаралды 219 М.
Microsoft Azure
Рет қаралды 11 М.